2 Apr
2019
2 Apr
'19
10:37 a.m.
On Apr 2, 2019, at 9:58 AM, Sebastian Hagedorn <Hagedorn@uni-koeln.de> wrote:
Hm, are you familiar with this paper? My understanding of it is that (some) badly configured clients are vulnerable.
<https://www.sciencedirect.com/science/article/pii/S0167404817302808>
Well, if people misconfigure things, then anything can happen. I've seen similar things with FreeRADIUS. "Hi, we configured the system to not check passwords, and now anyone is let in! FreeRADIUS has a security issue" Security is hard. Which is why most people get it wrong. Alan DeKok.